Systems Engineering Blog

Five Ways to Protect Data in the Cloud

As we've begun to adopt a myriad of cloud-based services, our network perimeter has become more expansive and therefore, potentially more porous. Cloud services may need additional open firewall ports, which is equivalent to opening more doors to your home. On top of this, employees are now working wherever they want while utilizing a handful of different devices. Last but not least, your data is racking up an impressive amount of frequent flier miles as it travels and is stored in platforms strewn all across the country. So, how do you keep IT secure?

If you’re a Network Security Administrator, the security tools you used to manage – resembling something like a toll booth – now probably look more like an air traffic control center. That said, investments in information technology (IT) are meant to enable efficiency, not constrain it; and it’s still a winnable fight.

The secret?IDENTITY Security.

The security of identity has evolved and uses some compelling new tools to build a set of parameters that dictate which users can access which applications, which data, from where, and with what device. The authentication handshake we used to employ looked something like this:

Username and password correct?

Is the device located within the network?

Green light.

This doesn't cut it anymore. As you adopt cloud services, more variables come into play. To offset these variables, a more complicated set of questions like these are posed before authenticating the end user's access - this is known as identity security.

Username and password correct?

Is the device located on the network?

If not, where is the connection’s Internet Protocol (IP) address?

Is this a secured connection?

Is the device up to date with anti-virus definitions and operating system (OS) patches?

Is this a recognized device or a new device?

Can the user verify their identity with something they have (token or phone)?

Does this user have the permissions they require to do what they’re trying to do?

Is encryption required to safely execute this action?

Though it sounds like a headache, the cyber security market has produced many valuable services which simplify this type of authentication and bridge the gap between mobility and security in compelling ways. Let's explore them.

Five Security-Based Tools to Consider

1. Cloud-based Active Directory

Synchronize your users, permissions, and authentication requirements across disparate applications and services by extending Active Directory to the Cloud. Call it step 1.

2. Identity Management Services

You make the rules. Identity Management Services, such as Microsoft Enterprise Mobility + Security (EMS), allows your organization to specify authentication requirements with a whole new set of criteria. Cloud-based dual-factor authentication, patching and anti-virus requirements, and even bio-metrics like fingerprints can be leveraged to ensure your data is secure.

3. Mobile Device/Application Management (MDM, MAM)

Let's say I'm the airport and I need to pull up a customer’s financial record. MDM and MAM solutions provide encryption services and management features that solve this problem while retaining your organization’s ability to control risk. Conversely, if an employee leaves your organization, these tools can execute a remote wipe of very specific applications and data from the former employee’s devices.

4. Vendor Management

You’re only as strong as your weakest link. To safely do business in today’s market of outsourcing, multi-sourcing, and public/hybrid cloud services, vendor due diligence is crucial. Consider the vigilance you’ve given to your own security posture and extend those same requirements to your business partners. Word to the wise: your business partners include your applications vendors. Keep an open mind – you might learn something from what your partners are doing too! Think of it as a club – set your requirements and stick to them – you’ll be doing everyone a favor.

5. Encryption

Surprise, surprise. Encryption doesn’t only apply to email anymore. Are your backups being sent offsite via an encrypted tunnel? Does compliance require that you encrypt server hard drives? Are your desktop hard drives encrypted? Are your WAN circuits encrypted? How about the path from your firewall to your hosted VoIP service’s data center? And the email app your employees have on their phones? Check these boxes off one by one. Working from anywhere introduces the risk of anywhere. Bring the security of encryption along for the ride.

Still want to learn more about this topic? On June 12, 14, and 20, Systems Engineering will be hosting a Lunch & Learn event in three locations to discuss Security & Compliance in the Cloud: The New Perimeter. During the presentation, our speakers will look at what it means to move data to the cloud from an auditing and compliance perspective as well as the various ways in which to protect IT.